Controllerless Networks

I've done a number of controller-based installations in residential locations. Recently I attempted using IAP-103's and it didn't go well at all. Luckily I had a 7005 controller and just converted all of the IAP's to campus AP's. The issue I experienced was once I configured the first IAP & it rebooted one of two things happened. First either the new SSID wasn't appearing and couldn't connect to it with my laptop. Second, the newly provisioned AP couldn't communicate with the other 6 AP's. Essentially I was able to get the first IAP provisioned & working most of the time, but adding the subsequent IAP's wasn't working at all. 

 

All of the documentation I've read explains clearly how to setup the very first IAP, but I haven't found anything solid that explains adding the rest of the IAP's to the new cluster. Am I missing something simple here. I keep hearing that this is supposed to be totally easy, but my experience was anything but. Also, when you're dealing with multiple VLANs, what is the best practice for switchport configuration?

 

Also, as far as residential & Instant are concerned, I'd love to hear what others have used for routers in this type of deployment. Thanks in advance!

Usually you would have a native management VLAN that the IAPs use to communicate with each other. Then you would tag data VLANs for users.

As long as there is L2 adjacency, they should auto-join the cluster.


Thanks,
Tim

Do you remember which IAP-103 software version you were using? And which country code were you using? How were the IAP getting their IP addresses (where is the DHCP server)?

In general new IAPs join the existing IAP to form a single cluster when it detects a broadcast beacon from the first IAP in the same management VLAN. Broadcast beacons are by default sent untagged, so the uplink switch need to have a native VLAN configured to allow the untagged beacons be broadcasted to other IAPs. The IAPs also communicate with each other over a UDP port and HTTP/HTTPS, so the switch need to allow these communications to pass through.

Yan, it was 6.4.2.0. Country code was US. DHCP was configured on the 7005 controller which was only operating as a router/firewall and not a WLC initially. 

 

In this scenario, the AP's & wired/wireless clients are all on the same VLAN. Probably the most frustrating part of the process was that once I configured that first IAP, it seemed like it took an extremely long time for my Windows 8 laptop to associate with the new configured SSID. I suppose its possible it was related to an issue with my laptop. Anyone else run into this?

Clayman, 

 

Most likely what you were running into was broadcast traffic on that flat network interfering with the beacons between the APs to establish discovering and joining the cluster. The wireless performance can even be impacted if the traffic on the wire is not properly segmented. 

It is a best practice to create a dedicated management VLAN just for the IAPs. This VLAN would be your native or untagged VLAN on the switch port. The APs will need to get their DHCP service from this VLAN and this VLAN would be the one ideally that you would configure the virtual controller IP to be on. 

Create other VLANs dependent on the customer requirements and tag these VLANs on the switchports supporting the APs. You can address directing user traffic to these VLANs within your configuration on the APs. It can be a static assigment per SSID or per user role.

Depending on what is on that flat network you might want to potentially even segment the wired traffic to improve performance for other systems. 

We have installed the IAPs in several residential/assisted living/hospitality environments and it works really well if you follow best practices.  

Good luck.

Thanks, Michael. I will definitely do the untagged VLAN going forward for the IAP's. What sort of routers do you like to use in conjunction with IAPs? Specifically in either residential or small commercial deployments. 

Clayman,

In smaller deployments we like the Fortinet line of UTM devices. In larger ones we opt for Palo Alto.

Michael McNamee
Senior Network Engineer

www.securedgenetworks.com